HIPAA RISK ASSESSMENT

PRACTICE INFORMATION (FILL OUT ONE OF THESE FORMS FOR EACH LOCATION)

Practice Name:
Address:
City, State, Zip:
Phone:
E-mail:

We anticipate that your Meaningful Use training and implementation will take approximately 30 days. Most of your training will be done by attending courses at SammyUniversity.com. If, after you attend Sammy University, you feel that you need additional one-on-one training, we will certainly make ourselves available to help you!

Register for Meaningful Use ASAP! SammyEHR’s CMS EHR Certification ID is 30000001SVAKEAS.
http://www.cms.gov/EHRIncentivePrograms/

HIPAA Compliance

__ ICS has made me aware of the HIPAA security requirements. I decline ICS’ offer to assist me in becoming HIPAA compliant.
__ Please assist me in becoming HIPAA compliant. I have completed the attached questionnaire. I will send it back to ICS completed to the best of my ability, including payment ($399 for 1 office, $199 for each additional).

Please make check payable and remit to: ICS Software, Ltd., 3720 Oceanside Road West, Oceanside, NY 11572

If paying by credit card, please include your information below:
MasterCard Visa Amex Discover
Card Number: __________________________________ Expiration: ___/___
Signature: __________________________________

Please send this form back to ICS via fax (516-763-1017), e-mail (support@ICSSoftware.net) or mail.

As part of the requirement for meaningful use, the practice is required to perform a risk assessment. The types of risks that need to be addressed include Physical, Administrative and Technical Risks. This document is the risk assessment. If you do not understand what is being asked for in any given location, please leave it blank.

PHYSICAL RISKS

Loss of Power

Loss of power makes the data on practice computer systems inaccessible. In addition, improper shutdown of computer systems during a power outage can damage hardware and cause loss of the data on those computer systems.
An assessment of the possibility of loss of power and implementation of measures to mitigate potential damage by this event is necessary.

1. How many times in the past year have you lost power? _____________________________
2. Do you have a Backup Generator? __Yes __No
3. Do you have UPS (Battery Backup) on all critical technology devices? __Yes __No
   Critical devices can include computers, networking equipment, and phone systems. Your server would be a critical computer. NOT all workstations are critical devices, but at least one should have a UPS installed.
4. Do you have phones that can plug directly into the wall and do not require a power source?

Loss of Internet Connectivity

Use of the internet is required for connection to Health Information Exchanges, remote offices, and other data sources. This connectivity may be necessary to ensure that the patient data is available. The more data that is located off premises, the greater the impact a loss of connectivity will have on your practice. The needs of the practice for connectivity will determine the severity of a loss of connectivity and the steps required to mitigate it.

1. How many times in the past two years have you lost internet connectivity? _____________
2. How many of these were accompanied by a loss of electricity? __________________________
3. Do you have multiple connections from multiple internet carriers? __Yes __No
4. Do you have a wireless internet connection such as a laptop edge card in case of a service outage? __Yes __No
5. Is your database located at this location or at an offsite location? __This location __Offsite
6. Do satellite offices need to be able to connect to this location?
7. If your data is offsite it is located:
   __ In your other office
   __ In your computer at a data center
   __ In the cloud at an ASP
   Other (please specify)
   ______________________________________________________________________________
   ______________________________________________________________________________

Loss of Premises due to Fire

In addition to the risks that fire poses to computer systems, fire poses a significant risk to the health and safety of the practice patients and workforce. The primary goal of a fire risk assessment and risk mitigation is to ensure the safety of the people who are at the premises. With proper implementation of fire protection, it is possible to minimize damage to computer systems due to fire. In case of damage due to fire or other disaster, it may be necessary to implement the practice disaster recovery plan, which is addressed in the HIPAA Security Manual.

1. Do you have fire extinguishers? __

